Securely Generating and Storing Passwords in a Computer System

US 20150256343A1
Filed: 07/26/2013
Published: 09/10/2015
Est. Priority Date: 08/13/2012
Status: Abandoned Application

First Claim

Patent Images

1. A method of protecting a password in a computer, comprising a processor:

selecting a first local configuration word associated with the computer as a data word;

applying a hash function to the data word to calculate a hash value; and

generating an encrypted string by using the hash value as a key to encrypt the password; and

storing the encrypted string in a memory in the computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for protecting a password are disclosed. According to one aspect of the present invention, a processor selects a set of local configuration data. This can include one or more strings associated with local configuration data. The processor concatenates the set of local configuration data and calculates a hash value of the concatenated data. The processor generates an encrypted string by using the hash value as a key to encrypt the password. Then the processor encodes the encrypted string as a string in a software program. When the password is needed by a first computer system to access a second computer system, the steps are reversed, the password obtained and the first computer system accesses the second computer system.

Citations

21 Claims

1. A method of protecting a password in a computer, comprising a processor:
- selecting a first local configuration word associated with the computer as a data word;
  
  applying a hash function to the data word to calculate a hash value; and
  
  generating an encrypted string by using the hash value as a key to encrypt the password; and
  
  storing the encrypted string in a memory in the computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, comprising the processor, encoding the encrypted string as a string in a software program which is stored in the memory.
  - 3. The method of claim 1, wherein the processor concatenates a second local configuration word with the first local configuration word to generate the data word.
  - 4. The method of claim 1, wherein a SHA-256 hash value is calculated.
  - 5. The method of claim 1, wherein the key is a AES-256 key.
  - 6. The method of claim 1, wherein the encoding step uses Base64.
  - 7. The method of claim 1, wherein a CPUID instruction from the processor is used to generate the first local configuration word.
  - 8. The method of claim 1, wherein a 48-bit MAC address from a network interface card is used to generate the first local configuration word.
  - 9. The method of claim 1, wherein a software license number from an operating system is used to generate the first local configuration word.
  - 10. The method of claim 1, wherein a model and serial number from a peripheral device connected to the processor is used to generate the first local configuration word.
  - 11. The method of claim 1, further comprising the processor performing the steps of:
    - decoding the encrypted string to get binary ciphertext;
      
      obtaining the data word and calculating the hash value using the hash function to obtain a reconstructed key;
      
      decrypting the binary ciphertext with the reconstructed key to obtain the password.
  - 12. The method of claim 11 comprising the processor using the password to access a computer system.
  - 13. The method of claim 11, wherein the reconstructed key is stored in a memory by the processor and, after using the reconstructed key, the processor erases the reconstructed key from the memory.
  - 14. The method of claim 13, wherein the processor erases the reconstructed key by writing over the reconstructed key in the memory.

15. A computer system having a plurality of associated local configuration words, comprising:
- a memory having an instruction set stored in it;
  
  a processor in communication with the instruction set in the memory, the instruction set operable to cause the processor to;
  
  generate a data word from one of the local configuration words;
  
  calculating a hash value from the data word;
  
  generate an encrypted string by using the hash value as a key to encrypt the password; and
  
  store the encrypted string in the memory.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer system of claim 15, wherein the instruction set causes the encrypted string in a software program which is stored the encrypted string in the memory.
  - 17. The computer system of claim 15, wherein the data word is generated from one or more other of the local configuration words, the local configuration words being concatenated to generate the data word.
  - 18. The computer system of claim 15 wherein the encrypted string is stored in a configuration file.
  - 19. The computer system of claim 15 wherein the local configuration data word and the second local configuration data word are selected from the group consisting of:
    - a string generated by using a CPUID instruction from the processor, a string generated by processing a 48-bit MAC address from a network interface card, a string generated by processing a software license number from an operating system, a string generated by processing a model and serial number from a peripheral device connected to the processor, and a string generated by processing model or serial numbers or interrupt vectors or addresses or priorities of the peripheral device.
  - 20. The computer system of claim 15 wherein the processor, some time later, decodes the encrypted string to get binary ciphertext, obtains the local configuration word and the second local configuration word, concatenates the local configutation word and the second local configuration word, calculates the hash value to obtain a reconstructed key, decrypts the binary ciphertext with the reconstructed key to obtain the password, and uses the password to access a second computer.

21. A system, comprising:
- a first computer having a memory with an instruction set and a processor in communication with the instruction set, anda second computer that can be accessed with a password,wherein the processor, under control of the instruction set, is operable to select a set of local configuration data, to concatenate the set of local configuration data and to calculate a hash value of the concatenated data, to generate an encrypted string by using the hash value as a key to encrypt the password and to encode the encrypted string as a string in a software programwherein the processor, some time later under control of the instruction set, is operable to decode the encrypted string to get binary ciphertext, to obtain the set of local configuration data and calculates the hash value to obtain a reconstructed key, to decrypt the binary ciphertext with the reconstructed key to obtain the password, and to use the password to access the second computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens Corp. (Siemens AG)
Original Assignee
Siemens Corp. (Siemens AG)
Inventors
Graveman, Richard F.

Application Number

US14/428,135
Publication Number

US 20150256343A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/44   Program or device authentic...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 9/0819   Key transport or distributi...

H04L 9/3242   involving keyed hash functi...

Securely Generating and Storing Passwords in a Computer System

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Securely Generating and Storing Passwords in a Computer System

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links